Report: More flaws found in Microsoft's Vista

Security researchers, hackers find error in software code, including one underlying Internet Explorer 7.


NEW YORK (CNNMoney.com) -- Computer security researchers and hackers have found more flaws in Microsoft's Vista, the long-awaited update to the Windows operating system, according to a report Monday.

One programmer said it was possible to increase a user's privileges on all of the company's recent operating systems, including Vista, while a computer security firm said that it found five other vulnerabilities, including one error in the software code underlying the company's new Internet Explorer 7 browser, the New York Times reported.

TECHNOLOGY

The browser flaw means that users could become infected with malicious software simply by visiting a particular Web site, according to the report.

That would make it possible for an attacker to inject rogue software into the Vista-based computer, the paper said, citing executives at Determina, a maker of software intended to protect against vulnerabilities.

The new operating system - Microsoft's (Charts) first update to Windows in five years - is crucial for the world's biggest software company. Microsoft has been facing stiff competition from companies like Google (Charts), which has begun offering Web-based applications that rival traditional desktop software.

On Saturday, Nicole Miller, a Microsoft spokeswoman, said the company was investigating the reported browser flaw and that it was not aware of any attacks attempting to use the vulnerability, the paper said.

Microsoft officials were not immediately available for comment on Monday.

The Determina researchers told the paper they had notified Microsoft of four other flaws they had discovered, including a bug that would make it possible for an attacker to repeatedly disable a Microsoft Exchange mail server simply by sending the program an infected e-mail message.

Last week, the chief technology officer of Trend Micro, a Tokyo-based computer security firm, said he had discovered an offer on an underground computer discussion forum to sell information about a security flaw in Vista for $50,000, according to the Times.

Many computer security companies say that there is a lively underground market for information that would permit attackers to break in to systems via the Internet, the paper said.

Welcome back, Microsoft

It's official: Microsoft launches Vista  Top of page

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer.

Morningstar: © 2014 Morningstar, Inc. All Rights Reserved.

Factset: FactSet Research Systems Inc. 2014. All rights reserved.

Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved.

Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor’s Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2014 and/or its affiliates.

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer.

Morningstar: © 2014 Morningstar, Inc. All Rights Reserved.

Factset: FactSet Research Systems Inc. 2014. All rights reserved.

Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved.

Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor’s Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2014 and/or its affiliates.